Metamail.Format.String.Handling
Description
Metamail is vulnerable to multiple format string vulnerabilities. The first is in the "SaveSquirrelFile()" function: if an attacker sends a specially crafted message containing a "multipart/alternative" media type and format specifiers in the "Content-Type" header, it can lead to the execution of arbitrary code. The second vulnerability exists in the "PrintHeader()" function when handling messages containing certain characters in the mail header; including format specifiers there can likewise lead to the execution of arbitrary code.
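The bug class described above, shown as an added example (not Metamail source code and not part of the original advisory): header text must be passed as data behind a constant format string, and a filter can flag headers that carry printf-style conversions. The function names and sample header values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; function names are hypothetical, not Metamail source.
 * Vulnerable pattern (kept as a comment): header text used as the format.
 *     fprintf(fp, hdr);
 * Fixed pattern: header text is data behind a constant format string. */
int write_header_safe(char *out, size_t n, const char *hdr)
{
    return snprintf(out, n, "%s", hdr);
}

/* Heuristic for mail filters/logging: return 1 if hdr holds a printf-style
 * conversion such as "%x" or "%08lx". "%%" is a literal percent.
 * Percent-encoded parameter values can also match, so treat a hit
 * as a signal to review, not as proof. */
int has_format_specifier(const char *hdr)
{
    for (const char *p = hdr; *p; p++) {
        if (*p != '%')
            continue;
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }          /* escaped percent */
        q += strspn(q, "-+ #0");                     /* flags */
        q += strspn(q, "0123456789*$");              /* width / positional */
        if (*q == '.')
            q += 1 + strspn(q + 1, "0123456789*");   /* precision */
        q += strspn(q, "hlLqjzt");                   /* length modifiers */
        if (*q && strchr("diouxXeEfgGaAcspn", *q))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *benign = "multipart/alternative; boundary=\"b1\"";
    const char *odd    = "multipart/alternative; boundary=\"%08x\"";
    char buf[128];

    write_header_safe(buf, sizeof buf, odd);         /* copied verbatim */
    printf("%s -> flagged=%d\n", benign, has_format_specifier(benign));
    printf("%s -> flagged=%d\n", buf, has_format_specifier(odd));
    return 0;
}
```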
Affected Products
Metamail Metamail 2.7
Impact
Compromise of the affected system.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.
Coverage
IPS (Regular DB)
IPS (Extended DB)